What Can Go Wrong When Firms Use Your IP Address Against Fraud (Forbes)

Post Meta

Scott's Take: Adam Tanner of Forbes ran into some issues with his service providers blocking his (legitimate) actions based on variance of his IP address. If websites are basing their confidence of a user’s validity on whether they come from a single IP, doesn’t that undermine the whole concept of mobility? Read the entire article for free on Forbes.com.

All the worries stirred up by the Heartbleed security flaw highlight why it makes good sense to take precautions with personal data. But sometimes companies erect security barriers so high that they shut out even their own clients.

I recently went online to our Schwab account and requested a wire transfer. After a delay and a second request, followed by verification by telephone, several days passed without any money transfer.

Schwab then said: “In order to complete your request please go to one of our branches and bring a picture ID with you.” In a follow up call, an agent explained that the company grew suspicious based on a computer IP address — the identifying number given to a computing device — that did not match the location they expected.

I had logged in from home, but I was using a secure browser called Authentic8 Silo which masked my location (I’ve recently written about secure browsers here). I turned to experts to learn more about what had happened.

“I am surprised that mainstream companies are relying on that as a security measure, because I think the mechanism is incredibly brittle,” said Scott Petry, Authentic8’s co-founder and CEO. “If you go and travel around, it’s standard operating procedure for you to be picking up different IPs in different regions.”